German laid-open application DE 197 24 901 A1 discloses a mobile telephone to the GSM standard (GSM=global system for mobile communication). The mobile telephone comprises a control unit, a device memory and an interface for a subscriber identity module (SIM). User data, such as address lists, turnover data or price lists, for example, may be loaded into the device memory via a line connection to a computer. It is also possible to load programs (not described in greater detail) into the device memory via the line connection, and subsequently to execute them through the mobile telephone. Data may be transferred in an integrity-assured or encrypted form.
When GSM mobile telephones are switched on, there is generally an authorisation check, wherein the user has to enter a personal secret number (PIN=personal identification number). The full user interface, including the option to access the user data stored in the mobile telephone, is only enabled if the secret number is entered correctly. Most confidential user data is therefore secure to a certain degree. There is, however, the problem that sufficiently devoted criminals are able to get round this security. Memory components of mobile telephones may, for example, be read out directly at hardware level using appropriate devices.
It is particularly beneficial to store user data in a mobile device if the mobile device is also set up to execute application programs for processing this user data. Powerful GSM mobile telephones and PDAs nowadays have this functionality. Because of the high transfer speeds of mobile devices of the 2.5th and 3rd generations, such as, for example, devices for the GPRS (general packet radio service), EDGE, UMTS (universal mobile telecommunications system) and WCDMA (wideband code-division multiple access) networks, application programs may be loaded and/or updated from a service provider into the mobile device via the air interface.
Said mobile devices are beset with problems and require improvement in numerous respects. In the first place, it should be possible to prevent unauthorised access to application programs. It should therefore be ensured that only the authorised user may call an application program, or individual secured functions of the application program. Secondly, it would be desirable to be able to offer the user a selection of functions that was tailored as closely as possible to his requirements. Thirdly, the provided functions should be as device-independent as possible.